[JIRA] (JENKINS-60812) Failed known_hosts verification for non-standard ssh port

24 views
Skip to first unread message

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 2:00:08 AM1/19/20
to jenkinsc...@googlegroups.com
Arthur Demchenkov created an issue
 
Jenkins / Bug JENKINS-60812
Failed known_hosts verification for non-standard ssh port
Issue Type: Bug Bug
Assignee: Ivan Fernandez Calvo
Components: ssh-slaves-plugin
Created: 2020-01-19 06:59
Environment: Debian 9
openjdk version "1.8.0_222"
jenkins 2.204.1
SSH Slaves plugin 1.31.0
Priority: Major Major
Reporter: Arthur Demchenkov

Host Key Verification Strategy is broken for non-standard SSH ports.

Jenkins log:
[01/19/20 06:17:44] [SSH] Opening SSH connection to slave.net28:58968.
[01/19/20 06:17:44] [SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
Key exchange was not finished, connection is closed.
java.io.IOException: There was a problem while connecting to slave.net28:58968

Command line:
jenkins@jenkins:~$ ssh-keygen -H -F [slave.net28]:58968

1 EAUuHpVvln52WKE434qHFyJrEzM= KyIhaIA1YlW1hDeFIzdvgJQzU8s= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFmmZQx/Cmy1rRV7HsAff4JiIqKPopwVtIgkAaAnG38DESY/cG4xYum0i96eYzmvGxf4UADKDT2e7ePFkJmp9yM=

Changing ssh port to 22 fixes the issue.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

kuisathaverat@gmail.com (JIRA)

unread,
Jan 19, 2020, 3:55:03 AM1/19/20
to jenkinsc...@googlegroups.com
Ivan Fernandez Calvo closed an issue as Not A Defect
 

The know_hosts file should include the port on the host identified to allow to connect to a non standard port, the format is

Host:port public-key name
Change By: Ivan Fernandez Calvo
Status: Open Closed
Resolution: Not A Defect

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 4:59:04 AM1/19/20
to jenkinsc...@googlegroups.com
Arthur Demchenkov commented on Bug JENKINS-60812
 
Re: Failed known_hosts verification for non-standard ssh port

The known_host file was generated automatically by ssh client.

What did I do wrong which leaded to this behaviour?

Is it supposed the user should fill that file manually or something?

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 5:03:02 AM1/19/20
to jenkinsc...@googlegroups.com
Arthur Demchenkov edited a comment on Bug JENKINS-60812
The known_host file was generated automatically by ssh client.
What did Did I do something wrong which leaded to this behaviour?


Is it supposed the user should fill that file manually or something?

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 5:03:03 AM1/19/20
to jenkinsc...@googlegroups.com
Arthur Demchenkov reopened an issue
 

Where is that behaviour documented? It's not seen neither in Jenkins logs or popup "?" messages.
Change By: Arthur Demchenkov
Resolution: Not A Defect
Status: Closed Reopened

kuisathaverat@gmail.com (JIRA)

unread,
Jan 19, 2020, 1:26:02 PM1/19/20
to jenkinsc...@googlegroups.com
Ivan Fernandez Calvo closed an issue as Not A Defect
Change By: Ivan Fernandez Calvo
Status: Reopened Closed
Resolution: Not A Defect

kuisathaverat@gmail.com (JIRA)

unread,
Jan 19, 2020, 1:26:02 PM1/19/20
to jenkinsc...@googlegroups.com

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 1:43:03 PM1/19/20
to jenkinsc...@googlegroups.com

Why changing ssh port to 22 fixes the issue?

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 1:49:04 PM1/19/20
to jenkinsc...@googlegroups.com

Also adding an empty-port entry to known_hosts file fixes the issue.

To reproduce this case, just change the SSH port to default (on the server), connect at least once, to add have entry added to known_hosts file.

Then change SSH port to whatever you want and Jenkins stops refusing to connect.

This is a bug. The port is ignored by plugin when trying to find entry in known_hosts file.

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 1:50:03 PM1/19/20
to jenkinsc...@googlegroups.com
Arthur Demchenkov edited a comment on Bug JENKINS-60812
Also adding an empty-port entry to known_hosts file fixes the issue.

To reproduce this case, just change the SSH port to default (on the server), connect at least once, to add have the entry added to known_hosts file.


Then change SSH port to whatever you want and Jenkins stops refusing to connect.

This is a bug. The port is ignored by plugin when trying to find entry in known_hosts file.

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 1:50:03 PM1/19/20
to jenkinsc...@googlegroups.com
Arthur Demchenkov reopened an issue
Change By: Arthur Demchenkov
Resolution: Not A Defect
Status: Closed Reopened

spinal.by@gmail.com (JIRA)

unread,
Jan 19, 2020, 1:51:07 PM1/19/20
to jenkinsc...@googlegroups.com
Arthur Demchenkov edited a comment on Bug JENKINS-60812
Also adding an empty-port entry to known_hosts file fixes the issue.

To reproduce this case, just change the SSH port to default (on the server), connect at least once, to have the entry added to known_hosts file.


Then change SSH port to whatever you want and Jenkins stops refusing to connect.

This is a bug. The port is ignored by plugin when trying to find the entry in known_hosts file.

kuisathaverat@gmail.com (JIRA)

unread,
Jan 19, 2020, 2:49:02 PM1/19/20
to jenkinsc...@googlegroups.com

I have replicated the issue, and I am testing a fix on a test environment https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-60812.

kuisathaverat@gmail.com (JIRA)

unread,
Jan 19, 2020, 2:53:03 PM1/19/20
to jenkinsc...@googlegroups.com
Status: Reopened Open

kuisathaverat@gmail.com (JIRA)

unread,
Jan 19, 2020, 2:54:04 PM1/19/20
to jenkinsc...@googlegroups.com
Status: Open In Progress

kuisathaverat@gmail.com (JIRA)

unread,
Jan 19, 2020, 4:02:02 PM1/19/20
to jenkinsc...@googlegroups.com
Status: In Progress Review

kuisathaverat@gmail.com (JIRA)

unread,
Feb 1, 2020, 12:06:03 PM2/1/20
to jenkinsc...@googlegroups.com
Status: In Review Resolved
Resolution: Fixed
Released As: ssh-slaves-1.31.1
Reply all
Reply to author
Forward
0 new messages